[packagekit] locking out password

Richard Hughes hughsient at gmail.com
Tue Mar 24 01:32:18 PDT 2009


On Mon, 2009-03-23 at 23:53 +0100, Adrien BUSTANY wrote:
> Yes, Daniel is right, rights in PackageKit are managed by PolicyKit,
> and the granularity is action wise, not package wise. Depending on
> your backend, there might be a way to pin the packages on the backend
> side.

I think in your situation you need to change the default authorisations
for your kid to have deny remove, deny install unsigned (unsigned
packaged) and allow install signed. The others are up to you.

Also, Daniel is very correct in saying that if he has access to the
physical machine, then it's trivial to set grub into runlevel 1 and then
pwn the machine. Or even use a live CD and boot from cdrom. You probably
want to lock down grub and the bios at a minimum.

Richard.





More information about the PackageKit mailing list